From f6fad686650aaf264b2acee848825e2183a944e3 Mon Sep 17 00:00:00 2001
From: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Date: Tue, 9 Aug 2011 16:31:54 -0700
Subject: USB: Avoid NULL pointer deref in usb_hcd_alloc_bandwidth.

commit 8a9af4fdf6d5eeb3200a088354d266a87e8260b0 upstream.

usb_ifnum_to_if() can return NULL if the USB device does not have a
configuration installed (usb_device->actconfig == NULL), or if we can't
find the interface number in the installed configuration.  Return an
error instead of crashing.

Signed-off-by: Sarah Sharp <sarah.a.sharp@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
 drivers/usb/core/hcd.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'drivers/usb/core')

diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
index ace9f8442e5..39ea00bfb9c 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -1764,6 +1764,8 @@ int usb_hcd_alloc_bandwidth(struct usb_device *udev,
 		struct usb_interface *iface = usb_ifnum_to_if(udev,
 				cur_alt->desc.bInterfaceNumber);
 
+		if (!iface)
+			return -EINVAL;
 		if (iface->resetting_device) {
 			/*
 			 * The USB core just reset the device, so the xHCI host
-- 
cgit v1.2.2